If you have any questions about this post or any related matter, please feel free to contact me at jlaskey@norris-law.com.
Five Important Questions to Ask Your Business’s Website Developer
Creating and maintaining a robust website is an ever-increasing business imperative. Many businesses turn to outside website developers for help. If that includes you, here are some important questions to ask your website developer.
1. Will My Website Satisfy Cybersecurity Requirements?
A robust website will collect names, email addresses, usernames, passwords, and credit card numbers. Cybercriminals want to steal – you guessed it - names, email addresses, usernames, passwords, and credit card numbers. The easy advice is “If you can’t protect it, don’t collect it,” but that can make the website far less valuable to you.
A data breach is not only embarrassing, it is expensive to remedy. All 50 states plus the District of Columbia have laws on the books regarding data breaches. While the provisions vary from state to state, they generally require prompt notice both to affected users and to law enforcement. There can be civil penalties, and of course, the class action plaintiffs’ bar is always paying attention.
If your database includes information from international users, both the European Union and countries throughout the Asia Pacific region have similar requirements. You will want to know, in particular, that your website developer is familiar with and will be able to comply with the EU’s General Data Protection Regulation (GDPR).
2. Will My Website Satisfy Privacy Requirements?
A growing number of jurisdictions have imposed requirements on operators of websites to protect the privacy of their visitors. The California Online Privacy Protection Act is now more than 15 years old, and other states have followed California’s lead, such as Delaware with its Delaware Online Privacy and Protection Act. Despite these widespread requirements, many websites still lack privacy policies, which need to be both comprehensive and conspicuously posted. The lack of a robust privacy policy in the proposal should be a red flag that the website developer is not up to speed regarding these requirements.
3. Will My Website Satisfy Accessibility Requirements?
My partner, Tim McKeown, presciently wrote "Is Your Website ADA Compliant?" earlier this year about websites coming under scrutiny due to the Americans with Disabilities Act. Subsequent to Tim’s piece, Domino’s Pizza asked the United States Supreme Court to review a decision of the Ninth Circuit Court of Appeals that has put Domino’s at risk for ADA non-compliance even though regulations still have not been adopted. In the meantime, litigation under the ADA regarding the accessibility of websites continues apace. For example, earlier this month, a California appeals court upheld a verdict that a restaurant whose website did not permit a blind user to make a reservation had violated the ADA. The fact that the restaurant’s online reservation system had been outsourced to Open Table did not excuse the restaurant. In short, this is an important issue not to be overlooked.
4. Will You Protect Me If I Get Sued?
As should be apparent from the prior discussion, litigation over website content and performance is growing rapidly. Yet many website development agreements disclaim any warranty regarding legal compliance and actually require the client to indemnify the developer if any third party claims are filed.
A website developer’s reluctance to indemnify its clients may be understandable given the risks relative to the value of the engagement. But the fact remains that the developer is in the best position to ensure compliance. And as to the risk-reward issue, this brings us to our next question.
5. Do You Have Insurance to Backstop Your Promises?
A growing variety of insurance policies are available to cover issues related to cybersecurity, privacy, and other compliance issues. Any business with a website should look into obtaining coverage to protect itself directly. At the same time, however, it is not unreasonable to expect website developers to maintain errors and omissions policies. When a business engages an outside professional, be that an engineer, an architect or, yes, even an attorney, it expects that professional to have insurance available to back-stop the professional’s performance. Businesses would be well advised to put website developers into the same category, and require them to maintain appropriate insurance to cover deficiencies in performance.
Once you are satisfied with the answers to these questions, the next step is to make sure the answers are built into your service agreement. This is not easy to accomplish. The form agreements used by most website developers will be written to push responsibility for all of these issues back to the client, who typically lacks the necessary expertise to ensure compliance with these requirements. But the risks are real and require careful attention.
Our Business Law Group is available to work with you the next time you hire a website developer. In the meantime, we will continue to monitor developments in this important area.